Defending Exchange Server Against Spam With SpamAssassin

This short howto is written and done on Windows 2003 Server and Exchange 2003 Server.

Because lately I (among other users) have begun to receive large number of spam on e-mail server of the company where I work, I have decided to implement SpamAssassin which is primary made for Linux.

I have searched little bit on the net how to do it and found ESA Sink written by Christopher G. Lewis. It works on the principle that SpamAssasin is working in serial mode (it scans one message at a time) and ESA Sink take incoming message from Exchange, outputs it to file, run that file through SpamAssasin and returns it to Exchange if it is OK.

Installation and configuration of everything is not that much complicated. It can be divided in following steps:

Download and install the latest version of Active Perl from Active State

Download NMake from Microsoft and after extracting move files to c:\perl\bin

If you receive message that ppm is not recognizable type set path=%path%;c:\perl\bin** and then ppm**

Now in PPM press Ctrl+1 to see list of available perl modules for installation

Type Net-Dns in search field and when you get this package in list click with right mouse button on it and select install

Now we will do same thing for IO-Socket-INET6, IP-Country and Mail-SPF

Now press Ctrl+Enter to install these packages and when it is done you can close PPM

Download the latest version of SpamAssassin and unzip it to c:\Mail-SpamAssassin-3.2.5 (3.2.5=current version that you are downloading, in my case 3.2.5)

In the command prompt now type cd c:\Mail-SpamAssassin-3.2.5

Type following command: perl makefile.pl and answer questions before compiling

Now we need to run nmake, so just type nmake /i (/i means that we want nmake to compile application ignoring errors)

After compiling we need to run nmake /i install to install compiled files

Unset read-only attribute from c:\perl\site\bin\spamassassin.bat file

Now to test SpamAssassin we will enter in command prompt to directory C:\Mail-SpamAssassin-3.2.5\t\data\spam and execute command spamassassin -D < 001

If you see lot of text on your command prompt it means that SpamAssassin works like it should and on the end of output you should find scoring for content of file 001

Now we will return to .ini file from ESA setup and change line SpamAssassin_Batch_File to points to the location of our spamassassin.bat file which is c:\perl\site\bin\spamassassin.bat

Save and close file and finish the ESA installation

At the end of the installation you will leave checkbox to run ESA install script and click Finish button

Small command prompt window will come and leave as soon as ESA is installed

Now to see if it is working properly you can check C:\ESA\Ham or C:\ESA\Spam directories for files and you can send e-mail to yourself as well, if everything works you should find SpamAssassin information in header of the e-mail

To be sure that you don’t have any errors you can check C:\ESA\Log directory in which you should find log file with errors

This configuration works OK on servers that don’t receive more than 1500-2000 e-mail per day, but I wouldn’t recommend it for higher number of e-mails without very strong machine, because in this configuration SpamAssassin works in serial mode, it process one object at a time and this includes downloading of e-mail to file, control against filters, control against URBL lists and then if everything is ok returning it to server for delivery.

For me it was simple test to see if it will work for us, it didn’t worked because of large number of e-mails that we receive (10 000+ per day) so I will go on solution to create Linux SpamAssassin gateway.

Note: I would recomend creating of small .bat script that will delete .out files older than 7 days to avoid running out of disk on your system disk